
[solved] HJT trojans and pop-ups

Status
Not open for further replies.

Piliniak

Established member
Joined
9 Jun 2005
Posts
402
Reaction score
0
For a few days now AVG has been reporting that I have trojans. I also (or perhaps as a result) suffer from sudden pop-ups, even when I don't have a browser open.

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:53, on 15-1-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\delltpad\apoint.exe
c:\windows\oem02mon.exe
c:\program files\dell\dell webcam manager\dellwmgr.exe
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
c:\program files\dell\mediadirect\pcmservice.exe
c:\program files\dell support center\bin\sprtcmd.exe
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
c:\program files\common files\logishrd\lcommgr\communications_helper.exe
c:\program files\labtec\webcam10\webcam10.exe
c:\program files\sigmatel\c-major audio\wdm\sttray.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\avg\avg9\avgtray.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehtray.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\widcomm\bluetooth software\bttray.exe
c:\program files\digital line detect\dlg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\dell\quickset\quickset.exe
c:\program files\delltpad\apmsgfwd.exe
c:\program files\delltpad\apntex.exe
c:\program files\delltpad\hidfind.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\common files\logishrd\lcommgr\lvcomsx.exe
c:\program files\widcomm\bluetooth software\btstackserver.exe
c:\program files\common files\roxio shared\9.0\sharedcom\cpshelprunner.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r1 - hkcu\software\microsoft\internet explorer\main,window title = internet explorer aangeboden door dell
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: browser address error redirector - {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\bae.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: google gears helper - {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [ecenter] c:\dell\e-center\eulalauncher.exe
o4 - hklm\..\run: [apoint] c:\program files\delltpad\apoint.exe
o4 - hklm\..\run: [oem02mon.exe] c:\windows\oem02mon.exe
o4 - hklm\..\run: [dell webcam manager] c:\program files\dell\dell webcam manager\dellwmgr.exe /s
o4 - hklm\..\run: [isusscheduler] c:\program files\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [roxwatchtray] c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
o4 - hklm\..\run: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
o4 - hklm\..\run: [pcmservice] c:\program files\dell\mediadirect\pcmservice.exe
o4 - hklm\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [snpstd] c:\windows\vsnpstd.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [logitechcommunicationsmanager] c:\program files\common files\logishrd\lcommgr\communications_helper.exe
o4 - hklm\..\run: [logitechquickcamribbon] c:\program files\labtec\webcam10\webcam10.exe /hide
o4 - hklm\..\run: [sigmatelsystrayapp] %programfiles%\sigmatel\c-major audio\wdm\sttray.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [avg9_tray] c:\progra~1\avg\avg9\avgtray.exe
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nvhotkey] rundll32.exe c:\windows\system32\nvhotkey.dll,start
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hkcu\..\run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas21.dll,allocconsolea
o4 - hkcu\..\run: [yno00bfrkm] c:\users\bart\appdata\local\temp\c.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files\microsoft office\office12\onenotem.exe
o4 - global startup: bttray.lnk = ?
o4 - global startup: digital line detect.lnk = c:\program files\digital line detect\dlg.exe
o4 - global startup: quickset.lnk = ?
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: send image to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
o8 - extra context menu item: send page to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: (no name) - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra 'tools' menuitem: &instellingen voor gears - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra 'tools' menuitem: skype add-on for internet explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra 'tools' menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o13 - gopher prefix:
o16 - dpf: {1e54d648-b804-468d-bc78-4affed8e262e} (system requirements lab) - [noparse]http://www.srtest.com/srl_bin/sysreqlab_srl.cab[/noparse]
o16 - dpf: {3ea4fa88-e0be-419a-a732-9b79b87a6ed0} (ctvuaxctrl object) - [noparse]http://dl.tvunetworks.com/tvuax.cab[/noparse]
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - [noparse]http://gfx1.hotmail.com/mail/w3/resources/vistamsnpuplden-us.cab[/noparse]
o16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (divxbrowserplugin object) - [noparse]http://download.divx.com/player/divxbrowserplugin.cab[/noparse]
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - [noparse]http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - [noparse]http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab[/noparse]
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg9\avgpp.dll
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o20 - appinit_dlls: c:\progra~1\google\google~2\goec62~1.dll,avgrsstx.dll
o23 - service: andrea st filters service (aestfilters) - andrea electronics corporation - c:\windows\system32\aestsrv.exe
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: avg free e-mail scanner (avg9emc) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgemc.exe
o23 - service: avg free watchdog (avg9wd) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgwdsvc.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: intel(r) proset/wireless event log (evteng) - intel corporation - c:\program files\intel\wireless\bin\evteng.exe
o23 - service: flexnet licensing service - macrovision europe ltd. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: googledesktopmanager - google - c:\program files\google\google desktop search\googledesktop.exe
o23 - service: google update service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: lvsrvlauncher - labtec inc. - c:\program files\common files\logishrd\srvlnch\srvlnch.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvvsvc.exe
o23 - service: intel(r) proset/wireless registry service (regsrvc) - intel corporation - c:\program files\intel\wireless\bin\regsrvc.exe
o23 - service: roxmediadb9 - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe
o23 - service: roxio hard drive watcher 9 (roxwatch9) - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe
o23 - service: supportsoft sprocket service (dellsupportcenter) (sprtsvc_dellsupportcenter) - supportsoft, inc. - c:\program files\dell support center\bin\sprtsvc.exe
o23 - service: sigmatel audio service (stacsv) - idt, inc. - c:\windows\system32\stacsv.exe
o23 - service: steam client service - valve corporation - c:\program files\common files\steam\steamservice.exe
o23 - service: stllssvr - microvision development, inc. - c:\program files\common files\surething shared\stllssvr.exe
o23 - service: xaudioservice - conexant systems, inc. - c:\windows\system32\drivers\xaudio.exe
--
end of file - 13312 bytes

[/hjt]
--- automatic edit ---
And the Uninstall list:

Torrent
Aan de slag met Dell
Aangifte inkomstenbelasting 2008
AC3Filter (remove only)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe Media Player
Adobe PDF Library Files
Adobe Reader 8.1.6
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
AGEIA PhysX v7.11.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Conexant HDA D330 MDC V.92 Modem
Configuratiescherm MobileMe
DAEMON Tools Toolbar
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
DivX Web Player
D-Link CIF Webcam
FileZilla Client 3.1.5.1
Football Manager 2009
Free YouTube to Mp3 Converter version 3.1
Google Desktop
Google Earth Plug-in
Google Gears
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Labtec WebCam
Labtec Camera-stuurprogramma
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Logitech Audio Echo Cancellation Component
Logitech Video Enumerator
Malwarebytes' Anti-Malware
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.5.7)
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
mWMI
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenAL
OutlookAddinSetup
PDF Settings
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
Sonic Activation Module
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Steam
System Requirements Lab
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
User's Guides
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.6
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live - Hulpprogramma voor uploaden
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR
WorldShift
Xvid 1.1.3 final uninstall
 
Last edited by a moderator:
Re: HJT trojans and pop-ups

Hi piliniak :)


Yes indeed, malware is running along :ph34r:


Do the following steps:

Fix the following keys with HijackThis
* Tick only the lines below in the HJT scan.
* Close all open sites (including this one).
* Then click the "fix checked" button.
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas21.dll,allocconsolea
o4 - hkcu\..\run: [yno00bfrkm] c:\users\bart\appdata\local\temp\c.exe


Download and use TFC by OldTimer
(if you happen to have files in the Recycle Bin that should not be deleted yet (unusual, but always possible), take them out again, because TFC will empty the Recycle Bin)
* download TFC by OldTimer (click) and choose save; save it to the desktop.
* Close any programs that are already open.
* double-click the TFC.exe icon on the desktop
* a window opens. (If it is still open, also close your browser after you have finished reading this step.) Click the "start" button in it. The desktop icons and the taskbar will disappear for a moment; that is normal.
Just let the program do its work undisturbed until it is finished. It doesn't take very long, a couple of minutes.


Restart the PC
if TFC did not do so automatically


Download and use MBAM
* download the setup file and save it to the desktop, but change the name right away in the "save as" dialog!!
so instead of mbam-setup.exe, make it e.g. problemen-setup.exe
mbam-setup.exe
* then close the download window, so do not run it straight from the download
* Double-click the saved and renamed "problemen-setup.exe" to install the program. (Vista: right-click > run as admin)
* Make sure there is a tick next to "Update Malwarebytes' Anti-Malware" and "Start Malwarebytes' Anti-Malware" > Then click "Finish".
If an update is found, it will be downloaded and installed.
* When the program is fully up to date, select "Quick Scan" in the "Scanner" tab > click Scan.
* When the scan is complete, click OK > then "Show Results" to see the results.
* Tick everything > click: "Remove Selected".
* After removal a log will open and you may be asked to restart the computer. (If MBAM has trouble removing certain malware files it will show a few messages where you have to click OK. It will then ask to restart the PC; allow this.)
* Post the contents of the log as well (also run it through the colour coding again)
If you did not get it automatically or you had to restart, open MBAM again and go to the "Logs" tab. If it is not there, check whether it is at C:\Users\Gebruiker\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs (Vista), in the "logs" folder


Also create and post a fresh HJT log



Good luck :)
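As an added example (not code from this thread, from HijackThis or from Malwarebytes), the following Python script applies the helper's reasoning to the O4 lines of an HJT log: it parses each `o4 - <hive>\..\run:` entry and flags an autorun target that lives in a Temp folder, or a rundll32 entry whose DLL is not on an allow-list. The sample lines are the O4 entries quoted from the log posted in this thread; the allow-list (nvcpl.dll, nvhotkey.dll, oobefldr.dll) and the two heuristics are assumptions made for the example, not rules HijackThis itself applies.

```python
"""Triage of HijackThis O4 (autorun) lines.

Added example for this thread; not code from the forum, HijackThis or
Malwarebytes. Flags the two patterns the helper fixed here: an autorun
target inside a Temp folder, and rundll32 loading a DLL that is not on a
caller-supplied allow-list (the allow-list is an assumption).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# o4 - <hive>\..\run: [<name>] <command> (user '<user>')   -- the user part is optional
O4_RE = re.compile(
    r"^o4\s+-\s+(?P<hive>[^:]+?)\\\.\.\\run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)"
    r"(?:\s+\(user\s+'(?P<user>[^']*)'\))?\s*$",
    re.IGNORECASE,
)
# Any path component named "temp" (e.g. ...\appdata\local\temp\c.exe)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# rundll32[.exe] <dll path>,<entry point>
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+)", re.IGNORECASE)


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str
    user: Optional[str]


@dataclass
class Finding:
    entry: O4Entry
    reasons: List[str]


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one registry Run-key O4 line; startup-folder O4 lines give None."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    return O4Entry(m["hive"].lower(), m["name"], m["cmd"].strip(), m["user"])


def rundll32_dll(command: str) -> Optional[str]:
    """Lower-cased base name of the DLL a rundll32 command loads, or None."""
    m = RUNDLL_RE.match(command)
    if m is None:
        return None
    return m["dll"].strip().rsplit("\\", 1)[-1].lower()


def triage(line: str, allowed_dlls: Iterable[str]) -> Optional[Finding]:
    """Finding for a suspicious Run-key entry; None for clean or non-matching lines."""
    entry = parse_o4(line)
    if entry is None:
        return None
    reasons = []
    if TEMP_RE.search(entry.command):
        reasons.append("autorun target lives in a Temp folder")
    dll = rundll32_dll(entry.command)
    if dll is not None and dll not in {d.lower() for d in allowed_dlls}:
        reasons.append(f"rundll32 loads a DLL not on the allow-list: {dll}")
    return Finding(entry, reasons) if reasons else None


def triage_log(lines: Iterable[str], allowed_dlls: Iterable[str]) -> List[Finding]:
    """Run triage over every line of a log and keep only the findings."""
    allowed = [d.lower() for d in allowed_dlls]
    return [f for f in (triage(ln, allowed) for ln in lines) if f is not None]


# O4 lines quoted from the HJT log posted in this thread
SAMPLE_LINES = [
    r"o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide",
    r"o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup",
    r"o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas21.dll,allocconsolea",
    r"o4 - hkcu\..\run: [yno00bfrkm] c:\users\bart\appdata\local\temp\c.exe",
    r"o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')",
    r"o4 - global startup: bttray.lnk = ?",
]
# Assumption for the example: the NVIDIA and Windows DLLs that appear as
# ordinary startup items in the same log are treated as allowed.
ALLOWED_DLLS = ["nvcpl.dll", "nvhotkey.dll", "oobefldr.dll"]

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LINES, ALLOWED_DLLS):
        e = finding.entry
        print(f"[{e.hive}] {e.name}: {e.command}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

Run stand-alone, the script reports exactly the two entries the helper told the poster to fix (the `losalamos` rundll32 entry and the `yno00bfrkm` executable in the user's Temp folder) and stays quiet on the Windows Defender, NVIDIA and Welcome Center entries. An allow-list for rundll32 is deliberately narrow: unlike the Temp-folder rule, "DLL not on the list" only means "look at it", which is the same judgement a log reader makes by hand.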
 
Re: HJT trojans and pop-ups

Hello Piliniak, download, install and keep using MBAM.
Immediately after installation MBAM will want to update its database, so allow it.
Also on repeated use: open the Update tab first!

Download MBAM (CLICK)

Start MBAM and choose Quick Scan


N.B.: Vista users start MBAM by right-clicking and then choosing Run as Administrator.



Scanning can take a while, so be patient.
When the scan is complete, click the OK button, then the Show Results button to see the results.
Make sure everything is ticked there, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer.

The log is saved automatically by MBAM and you can find it by clicking the Logs tab in MBAM.

If MBAM has trouble removing certain files it will show a few messages; click OK each time!
After that MBAM will ask to restart the computer, so allow the computer to be restarted.



Then create a new HijackThis log and post its result together with the MBAM scan result;
also post an Uninstall list (start HijackThis, click the Open the Misc Tools section button, then the Open Uninstall Manager button and finally the Save button).
 
Re: HJT trojans and pop-ups

TFC and MBAM done.

[hjt]
malwarebytes' anti-malware 1.44
database versie: 3571
windows 6.0.6002 service pack 2
internet explorer 8.0.6001.18865
15-1-2010 22:27:30
mbam-log-2010-01-15 (22-27-30).txt
scan type: snelle scan
objecten gescand: 102473
verstreken tijd: 6 minute(s), 35 second(s)
geheugenprocessen geïnfecteerd: 0
geheugenmodulen geïnfecteerd: 0
registersleutels geïnfecteerd: 5
registerwaarden geïnfecteerd: 0
registerdata bestanden geïnfecteerd: 0
mappen geïnfecteerd: 0
bestanden geïnfecteerd: 0
geheugenprocessen geïnfecteerd:
(geen kwaadaardige items gevonden)
geheugenmodulen geïnfecteerd:
(geen kwaadaardige items gevonden)
registersleutels geïnfecteerd:
hkey_current_user\software\bmimzmhmfm (trojan.fakealert) -> quarantined and deleted successfully.
hkey_current_user\software\d9q071wkgs (trojan.fakealert) -> quarantined and deleted successfully.
hkey_current_user\software\xml (trojan.fakealert) -> quarantined and deleted successfully.
hkey_current_user\software\microsoft\handle (malware.trace) -> quarantined and deleted successfully.
hkey_current_user\software\yno00bfrkm (trojan.fakealert) -> quarantined and deleted successfully.
registerwaarden geïnfecteerd:
(geen kwaadaardige items gevonden)
registerdata bestanden geïnfecteerd:
(geen kwaadaardige items gevonden)
mappen geïnfecteerd:
(geen kwaadaardige items gevonden)
bestanden geïnfecteerd:
(geen kwaadaardige items gevonden)

[/hjt]


[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:53, on 15-1-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\delltpad\apoint.exe
c:\windows\oem02mon.exe
c:\program files\dell\dell webcam manager\dellwmgr.exe
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
c:\program files\dell\mediadirect\pcmservice.exe
c:\program files\dell support center\bin\sprtcmd.exe
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
c:\program files\common files\logishrd\lcommgr\communications_helper.exe
c:\program files\labtec\webcam10\webcam10.exe
c:\program files\sigmatel\c-major audio\wdm\sttray.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\avg\avg9\avgtray.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehtray.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\widcomm\bluetooth software\bttray.exe
c:\program files\digital line detect\dlg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\dell\quickset\quickset.exe
c:\program files\delltpad\apmsgfwd.exe
c:\program files\delltpad\apntex.exe
c:\program files\delltpad\hidfind.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\common files\logishrd\lcommgr\lvcomsx.exe
c:\program files\widcomm\bluetooth software\btstackserver.exe
c:\program files\common files\roxio shared\9.0\sharedcom\cpshelprunner.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r1 - hkcu\software\microsoft\internet explorer\main,window title = internet explorer aangeboden door dell
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: browser address error redirector - {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\bae.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: google gears helper - {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [ecenter] c:\dell\e-center\eulalauncher.exe
o4 - hklm\..\run: [apoint] c:\program files\delltpad\apoint.exe
o4 - hklm\..\run: [oem02mon.exe] c:\windows\oem02mon.exe
o4 - hklm\..\run: [dell webcam manager] c:\program files\dell\dell webcam manager\dellwmgr.exe /s
o4 - hklm\..\run: [isusscheduler] c:\program files\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [roxwatchtray] c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
o4 - hklm\..\run: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
o4 - hklm\..\run: [pcmservice] c:\program files\dell\mediadirect\pcmservice.exe
o4 - hklm\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [snpstd] c:\windows\vsnpstd.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [logitechcommunicationsmanager] c:\program files\common files\logishrd\lcommgr\communications_helper.exe
o4 - hklm\..\run: [logitechquickcamribbon] c:\program files\labtec\webcam10\webcam10.exe /hide
o4 - hklm\..\run: [sigmatelsystrayapp] %programfiles%\sigmatel\c-major audio\wdm\sttray.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [avg9_tray] c:\progra~1\avg\avg9\avgtray.exe
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nvhotkey] rundll32.exe c:\windows\system32\nvhotkey.dll,start
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hkcu\..\run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas21.dll,allocconsolea
o4 - hkcu\..\run: [yno00bfrkm] c:\users\bart\appdata\local\temp\c.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files\microsoft office\office12\onenotem.exe
o4 - global startup: bttray.lnk = ?
o4 - global startup: digital line detect.lnk = c:\program files\digital line detect\dlg.exe
o4 - global startup: quickset.lnk = ?
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: send image to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
o8 - extra context menu item: send page to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: (no name) - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra 'tools' menuitem: &instellingen voor gears - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra 'tools' menuitem: skype add-on for internet explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra 'tools' menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o13 - gopher prefix:
o16 - dpf: {1e54d648-b804-468d-bc78-4affed8e262e} (system requirements lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
o16 - dpf: {3ea4fa88-e0be-419a-a732-9b79b87a6ed0} (ctvuaxctrl object) - http://dl.tvunetworks.com/tvuax.cab
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://gfx1.hotmail.com/mail/w3/resources/vistamsnpuplden-us.cab
o16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (divxbrowserplugin object) - http://download.divx.com/player/divxbrowserplugin.cab
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg9\avgpp.dll
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o20 - appinit_dlls: c:\progra~1\google\google~2\goec62~1.dll,avgrsstx.dll
o23 - service: andrea st filters service (aestfilters) - andrea electronics corporation - c:\windows\system32\aestsrv.exe
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: avg free e-mail scanner (avg9emc) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgemc.exe
o23 - service: avg free watchdog (avg9wd) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgwdsvc.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: intel(r) proset/wireless event log (evteng) - intel corporation - c:\program files\intel\wireless\bin\evteng.exe
o23 - service: flexnet licensing service - macrovision europe ltd. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: googledesktopmanager - google - c:\program files\google\google desktop search\googledesktop.exe
o23 - service: google update service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: lvsrvlauncher - labtec inc. - c:\program files\common files\logishrd\srvlnch\srvlnch.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvvsvc.exe
o23 - service: intel(r) proset/wireless registry service (regsrvc) - intel corporation - c:\program files\intel\wireless\bin\regsrvc.exe
o23 - service: roxmediadb9 - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe
o23 - service: roxio hard drive watcher 9 (roxwatch9) - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe
o23 - service: supportsoft sprocket service (dellsupportcenter) (sprtsvc_dellsupportcenter) - supportsoft, inc. - c:\program files\dell support center\bin\sprtsvc.exe
o23 - service: sigmatel audio service (stacsv) - idt, inc. - c:\windows\system32\stacsv.exe
o23 - service: steam client service - valve corporation - c:\program files\common files\steam\steamservice.exe
o23 - service: stllssvr - microvision development, inc. - c:\program files\common files\surething shared\stllssvr.exe
o23 - service: xaudioservice - conexant systems, inc. - c:\windows\system32\drivers\xaudio.exe
--
end of file - 13312 bytes

[/hjt]

Torrent
Aan de slag met Dell
Aangifte inkomstenbelasting 2008
AC3Filter (remove only)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe Media Player
Adobe PDF Library Files
Adobe Reader 8.1.6
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
AGEIA PhysX v7.11.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Conexant HDA D330 MDC V.92 Modem
Configuratiescherm MobileMe
DAEMON Tools Toolbar
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
DivX Web Player
D-Link CIF Webcam
FileZilla Client 3.1.5.1
Football Manager 2009
Free YouTube to Mp3 Converter version 3.1
Google Desktop
Google Earth Plug-in
Google Gears
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Labtec WebCam
Labtec Camera-stuurprogramma
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Logitech Audio Echo Cancellation Component
Logitech Video Enumerator
Malwarebytes' Anti-Malware
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.5.7)
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
mWMI
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenAL
OutlookAddinSetup
PDF Settings
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype 4.1
Sonic Activation Module
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Steam
System Requirements Lab
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
User's Guides
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.6
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live - Hulpprogramma voor uploaden
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR
WorldShift
Xvid 1.1.3 final uninstall
 
Re: HJT trojans and pop-ups

MBAM has already removed a good deal, nice! :)


The lines are still in the log; that may be down to Windows Defender (which may have undone the fix).


Do the following:


Temporarily disable Windows Defender
It can interfere when fixing with HJT (undoing the fix again, etc.)
* Open Windows Defender > Click Tools
* Click "General Settings"
* Scroll to "Real Time Protection Options"
* Untick "Turn on Real Time Protection (recommended)" > Click "Save"
* Close Windows Defender
(once the problems are gone and the log has been declared clean, you can turn it back on)


Fix the following entries with HijackThis
* Run a new scan with HJT.
* Tick only the lines below in the new scan.
* Close all open sites (including this one).
* Then click the "Fix checked" button.
* Then close HJT.
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas21.dll,allocconsolea
o4 - hkcu\..\run: [yno00bfrkm] c:\users\bart\appdata\local\temp\c.exe


Restart the PC


Also make and post a ComboFix log
See here (click) for the explanation of how to make a ComboFix log (the explanation looks longer than it really is ;))
Also run the ComboFix result through the colour coding.


Good luck :)
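The two O4 entries singled out above share traits that a reviewer of any HijackThis log looks for: an executable launched from a user's temp folder, and rundll32 loading a DLL through an export name that matches nothing else on the machine. The script below is an added example, not part of the thread and not a HijackThis feature: it parses registry-based O4 lines, flags entries with those traits, and compares two scans to report which of the targeted run keys disappeared and which are still there (the check the helper does when the next log comes in). The sample lines are copied from the HJT log posted in this thread; the "after" scan and the allowlist of benign rundll32 exports are constructed for the example.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example, not part of the thread. Sample log lines are copied from the
HJT log posted above; the "after" scan is constructed so that one entry is
gone and one survived. The allowlist of rundll32 export names is an assumption
taken from the benign lines of the same log, not a HijackThis feature.
"""
import re
from typing import Dict, Iterable, List, Optional

# o4 - <hive>\..\run: [<name>] <command>  [ (user '<account>') ]
O4_RE = re.compile(
    r"^o4 - (?P<hive>\S+?)\\\.\.\\run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(user '(?P<user>[^']*)'\))?$",
    re.IGNORECASE,
)
# rundll32[.exe] <dll path>,<export name>
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+),(?P<export>\w+)", re.IGNORECASE)

# User-writable scratch locations; legitimate autostarts almost never live here.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Constructed allowlist: the rundll32 exports used by the benign entries in the posted log.
KNOWN_RUNDLL32_EXPORTS = {"nvstartup", "start", "showwelcomecenter"}


def parse_o4(log_text: str) -> List[Dict[str, str]]:
    """Return registry-based O4 entries; 'startup:' folder entries are left out."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({
                "hive": m["hive"].lower(),
                "name": m["name"].lower(),
                "cmd": m["cmd"].strip(),
                "user": (m["user"] or "").lower(),
            })
    return entries


def review_entry(entry: Dict[str, str]) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    cmd = entry["cmd"].lower()
    if any(marker in cmd for marker in TEMP_MARKERS):
        reasons.append("executable lives in a temp directory")
    m = RUNDLL_RE.search(cmd)
    if m and m["export"].lower() not in KNOWN_RUNDLL32_EXPORTS:
        reasons.append(f"rundll32 loads {m['dll'].strip()} via unlisted export '{m['export']}'")
    return reasons


def flag_suspicious(log_text: str) -> Dict[str, List[str]]:
    """Map run-key name -> reasons, for every entry review_entry() objects to."""
    flagged = {}
    for entry in parse_o4(log_text):
        reasons = review_entry(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


def compare_runs(before_text: str, after_text: str,
                 targets: Optional[Iterable[str]] = None) -> Dict[str, List[str]]:
    """Which run-key names vanished between two scans and which persist.

    If targets is given, only those names (the ones sent to 'Fix checked') are reported.
    """
    before = {e["name"] for e in parse_o4(before_text)}
    after = {e["name"] for e in parse_o4(after_text)}
    if targets is not None:
        before &= {t.lower() for t in targets}
    return {"removed": sorted(before - after), "persisting": sorted(before & after)}


# Sample input: lines copied from the first HJT log in the thread.
SAMPLE_BEFORE = r"""
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas21.dll,allocconsolea
o4 - hkcu\..\run: [yno00bfrkm] c:\users\bart\appdata\local\temp\c.exe
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files\microsoft office\office12\onenotem.exe
"""
# Constructed "after" scan: the temp-folder entry is gone, the rundll32 one survived the fix.
SAMPLE_AFTER = "\n".join(l for l in SAMPLE_BEFORE.splitlines() if "[yno00bfrkm]" not in l)

if __name__ == "__main__":
    for name, reasons in flag_suspicious(SAMPLE_BEFORE).items():
        print(f"{name}: {'; '.join(reasons)}")
    print(compare_runs(SAMPLE_BEFORE, SAMPLE_AFTER, {"losalamos", "yno00bfrkm"}))
```

The export allowlist is deliberately tiny and per-machine: the point is that rundll32 is a normal Windows tool, so the DLL and export it is handed are what need judging, not the presence of rundll32 itself. A persisting entry after "Fix checked" is exactly the situation the reply above attributes to Windows Defender restoring the key, which is why the comparison is done by run-key name rather than by whole line.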
 
Re: HJT trojans and pop-ups

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:53, on 15-1-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\delltpad\apoint.exe
c:\windows\oem02mon.exe
c:\program files\dell\dell webcam manager\dellwmgr.exe
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
c:\program files\dell\mediadirect\pcmservice.exe
c:\program files\dell support center\bin\sprtcmd.exe
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
c:\program files\common files\logishrd\lcommgr\communications_helper.exe
c:\program files\labtec\webcam10\webcam10.exe
c:\program files\sigmatel\c-major audio\wdm\sttray.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\avg\avg9\avgtray.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehtray.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\widcomm\bluetooth software\bttray.exe
c:\program files\digital line detect\dlg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\dell\quickset\quickset.exe
c:\program files\delltpad\apmsgfwd.exe
c:\program files\delltpad\apntex.exe
c:\program files\delltpad\hidfind.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\common files\logishrd\lcommgr\lvcomsx.exe
c:\program files\widcomm\bluetooth software\btstackserver.exe
c:\program files\common files\roxio shared\9.0\sharedcom\cpshelprunner.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r1 - hkcu\software\microsoft\internet explorer\main,window title = internet explorer aangeboden door dell
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: browser address error redirector - {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\bae.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: google gears helper - {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [ecenter] c:\dell\e-center\eulalauncher.exe
o4 - hklm\..\run: [apoint] c:\program files\delltpad\apoint.exe
o4 - hklm\..\run: [oem02mon.exe] c:\windows\oem02mon.exe
o4 - hklm\..\run: [dell webcam manager] c:\program files\dell\dell webcam manager\dellwmgr.exe /s
o4 - hklm\..\run: [isusscheduler] c:\program files\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [roxwatchtray] c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
o4 - hklm\..\run: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
o4 - hklm\..\run: [pcmservice] c:\program files\dell\mediadirect\pcmservice.exe
o4 - hklm\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [snpstd] c:\windows\vsnpstd.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [logitechcommunicationsmanager] c:\program files\common files\logishrd\lcommgr\communications_helper.exe
o4 - hklm\..\run: [logitechquickcamribbon] c:\program files\labtec\webcam10\webcam10.exe /hide
o4 - hklm\..\run: [sigmatelsystrayapp] %programfiles%\sigmatel\c-major audio\wdm\sttray.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [avg9_tray] c:\progra~1\avg\avg9\avgtray.exe
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nvhotkey] rundll32.exe c:\windows\system32\nvhotkey.dll,start
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hkcu\..\run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas21.dll,allocconsolea
o4 - hkcu\..\run: [yno00bfrkm] c:\users\bart\appdata\local\temp\c.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files\microsoft office\office12\onenotem.exe
o4 - global startup: bttray.lnk = ?
o4 - global startup: digital line detect.lnk = c:\program files\digital line detect\dlg.exe
o4 - global startup: quickset.lnk = ?
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: send image to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
o8 - extra context menu item: send page to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: (no name) - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra 'tools' menuitem: &instellingen voor gears - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra 'tools' menuitem: skype add-on for internet explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra 'tools' menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o13 - gopher prefix:
o16 - dpf: {1e54d648-b804-468d-bc78-4affed8e262e} (system requirements lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
o16 - dpf: {3ea4fa88-e0be-419a-a732-9b79b87a6ed0} (ctvuaxctrl object) - http://dl.tvunetworks.com/tvuax.cab
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://gfx1.hotmail.com/mail/w3/resources/vistamsnpuplden-us.cab
o16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (divxbrowserplugin object) - http://download.divx.com/player/divxbrowserplugin.cab
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg9\avgpp.dll
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o20 - appinit_dlls: c:\progra~1\google\google~2\goec62~1.dll,avgrsstx.dll
o23 - service: andrea st filters service (aestfilters) - andrea electronics corporation - c:\windows\system32\aestsrv.exe
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: avg free e-mail scanner (avg9emc) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgemc.exe
o23 - service: avg free watchdog (avg9wd) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgwdsvc.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: intel(r) proset/wireless event log (evteng) - intel corporation - c:\program files\intel\wireless\bin\evteng.exe
o23 - service: flexnet licensing service - macrovision europe ltd. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: googledesktopmanager - google - c:\program files\google\google desktop search\googledesktop.exe
o23 - service: google update service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: lvsrvlauncher - labtec inc. - c:\program files\common files\logishrd\srvlnch\srvlnch.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvvsvc.exe
o23 - service: intel(r) proset/wireless registry service (regsrvc) - intel corporation - c:\program files\intel\wireless\bin\regsrvc.exe
o23 - service: roxmediadb9 - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe
o23 - service: roxio hard drive watcher 9 (roxwatch9) - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe
o23 - service: supportsoft sprocket service (dellsupportcenter) (sprtsvc_dellsupportcenter) - supportsoft, inc. - c:\program files\dell support center\bin\sprtsvc.exe
o23 - service: sigmatel audio service (stacsv) - idt, inc. - c:\windows\system32\stacsv.exe
o23 - service: steam client service - valve corporation - c:\program files\common files\steam\steamservice.exe
o23 - service: stllssvr - microvision development, inc. - c:\program files\common files\surething shared\stllssvr.exe
o23 - service: xaudioservice - conexant systems, inc. - c:\windows\system32\drivers\xaudio.exe
--
end of file - 13312 bytes

[/hjt]

ComboFix will follow in a few minutes.
 
Re: HJT trojans and pop-ups

They're still in there, but that's nothing; we'll see with and after ComboFix how to tackle them differently. :)
 
Re: HJT trojans and pop-ups

[hjt]
combofix 10-01-15.01 - bart 15-01-2010 23:11:33.1.2 - x86
microsoft windows vista™ home premium 6.0.6002.2.1252.31.1043.18.2045.1199 [gmt 1:00]
gestart vanuit: c:\users\bart\desktop\combofix.exe
sp: windows defender *enabled* (updated) {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\s-1-5-21-1191131358-1588255431-4017248347-500
c:\$recycle.bin\s-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\s-1-5-21-2815755638-1480285660-2120787009-500
.
(((((((((((((((((((( bestanden gemaakt van 2009-12-15 to 2010-01-15 ))))))))))))))))))))))))))))))
.
2010-01-15 22:22 . 2010-01-15 22:22 -------- d-----w- c:\users\bart\appdata\local\temp
2010-01-15 22:22 . 2010-01-15 22:22 -------- d-----w- c:\users\default\appdata\local\temp
2010-01-15 19:09 . 2010-01-15 19:09 -------- d-----w- c:\users\bart\appdata\local\apple computer
2010-01-13 08:17 . 2010-01-13 08:20 -------- d-----w- c:\a36554d4969cfd3eaa7cbd9d
2010-01-13 08:14 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 08:14 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-07 02:01 . 2010-01-07 02:01 -------- d-----w- c:\users\bart\appdata\roaming\de.makesoft.twhirl.0ea062bc275e7ed1e6ec3762effd73c7158adf33.1
2010-01-07 01:37 . 2010-01-07 01:37 -------- d-----w- c:\users\bart\appdata\roaming\tweetdeckfast.fff259dc0ce2657847bbb4aff0e62062efc56543.1
2010-01-07 01:37 . 2010-01-07 01:36 38784 ----a-w- c:\users\bart\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-07 01:37 . 2010-01-07 01:36 38784 ----a-w- c:\users\default\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-07 01:36 . 2010-01-07 01:36 -------- d-----w- c:\program files\common files\adobe air
2010-01-03 13:01 . 2010-01-03 13:01 -------- d-----w- c:\program files\windows portable devices
2010-01-03 12:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\uiribbon.dll
2010-01-03 12:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\uiribbonres.dll
2010-01-03 12:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\uianimation.dll
2010-01-03 12:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\uiautomationcore.dll
2010-01-03 12:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-03 12:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-03 11:58 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-03 11:58 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.dll
2010-01-02 18:09 . 2010-01-02 18:09 -------- d-----w- c:\users\bart\appdata\local\gamespy
2010-01-02 18:09 . 2010-01-15 21:17 -------- d-----w- c:\users\bart\appdata\local\applicationhistory
2010-01-02 18:09 . 2010-01-02 18:09 92 ----a-w- c:\users\bart\appdata\local\fusioncache.dat
2010-01-02 18:04 . 2010-01-02 18:26 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-02 18:04 . 2010-01-02 18:26 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-02 17:10 . 2010-01-02 17:10 -------- d-----w- c:\program files\gamespy
2010-01-02 17:08 . 2010-01-02 17:08 -------- d-----w- c:\windows\system32\urttemp
2010-01-02 17:04 . 2010-01-02 18:05 -------- d-----w- c:\users\bart\appdata\roaming\worldshift
2010-01-02 16:57 . 2010-01-02 16:57 -------- d-----w- c:\program files\playlogic
2009-12-23 15:27 . 2009-12-23 15:27 -------- d-----w- c:\program files\ac3filter
2009-12-22 13:37 . 2009-12-22 13:36 4043544 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-22 13:37 . 2009-12-18 15:17 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-22 13:37 . 2009-12-22 13:36 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 22:08 . 2009-06-29 14:24 31776 ----a-w- c:\programdata\nvmodes.dat
2010-01-15 22:06 . 2008-03-01 10:15 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-15 22:06 . 2009-10-23 14:29 -------- d-----w- c:\users\bart\appdata\roaming\utorrent
2010-01-15 21:16 . 2009-05-17 14:05 -------- d-----w- c:\program files\malwarebytes' anti-malware
2010-01-15 18:40 . 2008-06-30 09:56 -------- d-----w- c:\program files\spybot - search & destroy
2010-01-15 16:51 . 2009-11-09 14:32 -------- d-----w- c:\programdata\avg9
2010-01-14 04:19 . 2008-03-12 17:52 7808 ----a-w- c:\users\bart\appdata\local\d3d9caps.dat
2010-01-13 08:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\windows mail
2010-01-09 20:02 . 2006-11-02 16:11 677454 ----a-w- c:\windows\system32\perfh013.dat
2010-01-09 20:02 . 2006-11-02 16:11 131774 ----a-w- c:\windows\system32\perfc013.dat
2010-01-07 15:07 . 2009-05-17 14:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-05-17 14:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 13:05 . 2008-03-08 19:11 -------- d-----w- c:\programdata\nvidia
2010-01-03 13:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-03 13:01 . 2010-01-03 13:01 0 ---ha-w- c:\windows\system32\drivers\msft_user_wpdmtpdr_01_07_00.wdf
2010-01-03 13:01 . 2010-01-03 13:01 0 ---ha-w- c:\windows\system32\drivers\msft_user_wpdfs_01_07_00.wdf
2010-01-03 12:05 . 2008-03-01 10:38 -------- d-----w- c:\programdata\microsoft help
2009-12-24 12:36 . 2009-12-06 19:20 -------- d-----w- c:\users\bart\appdata\roaming\skype
2009-12-24 10:16 . 2009-12-06 19:24 -------- d-----w- c:\users\bart\appdata\roaming\skypepm
2009-12-17 01:47 . 2008-03-01 10:43 -------- d-----w- c:\program files\google
2009-12-06 19:24 . 2009-12-06 19:24 48 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-06 19:20 . 2009-12-06 19:20 -------- d-----r- c:\program files\skype
2009-12-06 19:20 . 2009-12-06 19:20 -------- d-----w- c:\program files\common files\skype
2009-12-06 19:20 . 2009-12-06 19:20 -------- d-----w- c:\programdata\skype
2009-12-06 14:01 . 2009-02-17 15:54 -------- d-----w- c:\program files\steam
2009-11-21 06:40 . 2009-12-09 05:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 05:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 05:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 05:52 133632 ----a-w- c:\windows\system32\ieunatt.exe
2009-11-17 02:40 . 2009-11-17 02:40 -------- d-----w- c:\program files\itunes
2009-11-17 02:40 . 2009-11-17 02:40 -------- d-----w- c:\program files\ipod
2009-11-17 02:40 . 2008-03-09 16:41 -------- d-----w- c:\program files\common files\apple
2009-11-17 02:36 . 2009-11-17 02:36 79144 ----a-w- c:\programdata\apple computer\installer cache\itunes 9.0.2.25\setupadmin.exe
2009-11-11 08:25 . 2009-03-26 20:16 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 14:32 . 2009-03-26 20:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 14:32 . 2008-03-12 15:54 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-09 14:32 . 2009-03-26 20:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 12:31 . 2009-12-09 10:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 10:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 10:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 15:56 195456 ------w- c:\windows\system32\mpsigstub.exe
2009-10-29 09:17 . 2009-11-25 02:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-03-01 10:31 . 2008-03-01 10:31 76 --sh--r- c:\windows\ct4cet.bin
2008-03-01 18:07 . 2008-03-01 17:50 8192 --sha-w- c:\windows\users\default\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
[hkey_current_user\software\microsoft\windows\currentversion\run]
"ehtray.exe"=c:\windows\ehome\ehtray.exe [2008-01-19 125952]
"dellsupportcenter"=c:\program files\dell support center\bin\sprtcmd.exe [2007-11-15 202544]
"msnmsgr"=c:\program files\windows live\messenger\msnmsgr.exe [2009-07-26 3883856]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"windows defender"=c:\program files\windows defender\msascui.exe [2008-01-19 1008184]
"ecenter"=c:\dell\e-center\eulalauncher.exe [2007-05-25 17920]
"apoint"=c:\program files\delltpad\apoint.exe [2007-09-24 159744]
"oem02mon.exe"=c:\windows\oem02mon.exe [2007-12-03 36864]
"dell webcam manager"=c:\program files\dell\dell webcam manager\dellwmgr.exe [2007-07-27 118784]
"isusscheduler"=c:\program files\common files\installshield\updateservice\issch.exe [2006-10-03 81920]
"roxwatchtray"=c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe [2006-11-05 221184]
"dscactivate"=c:\program files\dell support center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"pcmservice"=c:\program files\dell\mediadirect\pcmservice.exe [2007-11-01 189736]
"dellsupportcenter"=c:\program files\dell support center\bin\sprtcmd.exe [2007-11-15 202544]
"applesyncnotifier"=c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe [2008-09-03 111936]
"snpstd"=c:\windows\vsnpstd.exe [2003-12-30 40960]
"adobe reader speed launcher"=c:\program files\adobe\reader 8.0\reader\reader_sl.exe [2008-10-15 39792]
"logitechcommunicationsmanager"=c:\program files\common files\logishrd\lcommgr\communications_helper.exe [2007-03-06 488984]
"logitechquickcamribbon"=c:\program files\labtec\webcam10\webcam10.exe [2007-03-06 1060376]
"sigmatelsystrayapp"=c:\program files\sigmatel\c-major audio\wdm\sttray.exe [2008-01-02 405504]
"quicktime task"=c:\program files\quicktime\qttask.exe [2009-09-04 417792]
"sunjavaupdatesched"=c:\program files\java\jre6\bin\jusched.exe [2009-10-11 149280]
"avg9_tray"=c:\progra~1\avg\avg9\avgtray.exe [2009-12-31 2033432]
"ituneshelper"=c:\program files\itunes\ituneshelper.exe [2009-10-28 141600]
"nvcpldaemon"=c:\windows\system32\nvcpl.dll [2009-06-16 13793824]
"nvhotkey"=c:\windows\system32\nvhotkey.dll [2009-06-16 92704]
c:\users\bart\appdata\roaming\microsoft\windows\start menu\programs\startup\
onenote 2007 schermopname en snel starten.lnk - c:\program files\microsoft office\office12\onenotem.exe [2008-10-25 98696]
c:\programdata\microsoft\windows\start menu\programs\startup\
bttray.lnk - c:\program files\widcomm\bluetooth software\bttray.exe [2006-11-3 703280]
digital line detect.lnk - c:\program files\digital line detect\dlg.exe [2008-3-1 50688]
quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\newshortcut2_53a01cc614b04512a2e710d39bf83dc4.exe [2008-3-1 45056]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"enableuiadesktoptoggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\windefend]
@="service"
[hkey_local_machine\software\microsoft\security center\monitoring\mcafeeantispyware]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\svc]
"vistasp2"=hex(b):ae,8d,fa,59,5d,20,ca,01
r1 avgldx86;avg free avi loader driver x86;c:\windows\system32\drivers\avgldx86.sys [26-3-2009 21:16 333192]
r1 avgtdix;avg free8 network redirector;c:\windows\system32\drivers\avgtdix.sys [26-3-2009 21:16 360584]
r2 aestfilters;andrea st filters service;c:\windows\system32\aestsrv.exe [1-3-2008 11:13 73728]
r2 avg9emc;avg free e-mail scanner;c:\program files\avg\avg9\avgemc.exe [9-11-2009 15:32 906520]
r2 avg9wd;avg free watchdog;c:\program files\avg\avg9\avgwdsvc.exe [9-11-2009 15:32 285392]
s0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17-6-2009 23:34 721904]
s2 gupdate;google update service (gupdate);c:\program files\google\update\googleupdate.exe [11-8-2009 0:51 133104]
s3 fontcache;windows font cache service;c:\windows\system32\svchost.exe -k localserviceandnoimpersonation [13-6-2008 13:26 21504]
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
bthsvcs reg_multi_sz bthserv
localserviceandnoimpersonation reg_multi_sz fontcache
.
inhoud van de 'gedeelde taken' map
2010-01-15 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2009-08-10 23:51]
2010-01-15 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2009-08-10 23:51]
.
.
------- bijkomende scan -------
.
ustart page = about:blank
uinternet settings,proxyoverride = *.local
ie: e&xporteren naar microsoft excel - c:\progra~1\micros~2\office12\excel.exe/3000
ie: send image to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
ie: send page to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
ff - profilepath - c:\users\bart\appdata\roaming\mozilla\firefox\profiles\g1zarjja.default\
ff - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
ff - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
ff - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
ff - plugin: c:\program files\google\update\1.2.183.13\npgoogleoneclick8.dll
ff - plugin: c:\program files\microsoft\office live\npolw.dll
ff - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
ff - plugin: c:\program files\unity\webplayer\loader\npunity3d32.dll
ff - plugin: c:\program files\windows live\photo gallery\npwlpg.dll
ff - hiddenextension: microsoft .net framework assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
.
- - - - orphans verwijderd - - - -
webbrowser-{d4027c7f-154a-4066-a1ad-4243d8127440} - (no file)
hkcu-run-adobebridge - (no file)
addremove-daemon tools toolbar - c:\program files\daemon tools toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, [noparse]http://www.gmer.net[/noparse]
rootkit scan 2010-01-15 23:22
windows 6.0.6002 service pack 2 ntfs
scannen van verborgen processen ...
[0] 0x00000006
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
voltooingstijd: 2010-01-15 23:26:27
combofix-quarantined-files.txt 2010-01-15 22:26
pre-run: 60.491.304.960 bytes beschikbaar
post-run: 60.444.209.152 bytes beschikbaar
- - end of file - - 1e06a3544b180d212f85c54b9efea337

[/hjt]
 
Re: HJT trojans and pop-ups

Looks good :)


I only just noticed it now too, but could you make and post a fresh HJT log once more, because the previous one was the same as the first (20:13) ;)
Judging by the ComboFix log, those 2 malware lines from earlier are in fact already gone in the meantime :)


What you can also do is update Java RE to update 18:
http://www.nationaalcomputerforum.nl/showpost.php?p=545699&postcount=2


How is the PC doing in the meantime? Are you still bothered by pop-ups? If so, what kind of pop-ups (e.g. the window name, or the "subject", such as supposed anti-malware software, ...)?
Are you still getting alerts from AVG? If so, what do these alerts say? Is a file name/location mentioned in them? If so, could you note those down and post them along?


Good luck! :)
 
Re: HJT trojans and pop-ups

Haven't had any more pop-ups. They were often pop-ups from SMS services. I also haven't had the trojan alerts from AVG anymore.

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:01:45, on 16-1-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\delltpad\apoint.exe
c:\windows\oem02mon.exe
c:\program files\dell\dell webcam manager\dellwmgr.exe
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
c:\program files\dell\mediadirect\pcmservice.exe
c:\program files\dell support center\bin\sprtcmd.exe
c:\program files\common files\logishrd\lcommgr\communications_helper.exe
c:\program files\labtec\webcam10\webcam10.exe
c:\program files\sigmatel\c-major audio\wdm\sttray.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\avg\avg9\avgtray.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehtray.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\widcomm\bluetooth software\bttray.exe
c:\program files\digital line detect\dlg.exe
c:\program files\dell\quickset\quickset.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\widcomm\bluetooth software\btstackserver.exe
c:\program files\delltpad\hidfind.exe
c:\program files\delltpad\apntex.exe
c:\windows\system32\conime.exe
c:\program files\common files\roxio shared\9.0\sharedcom\cpshelprunner.exe
c:\program files\common files\logishrd\lcommgr\lvcomsx.exe
c:\program files\windows live\contacts\wlcomm.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\utorrent\utorrent.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=4080301[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: browser address error redirector - {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\bae.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: google gears helper - {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [ecenter] c:\dell\e-center\eulalauncher.exe
o4 - hklm\..\run: [apoint] c:\program files\delltpad\apoint.exe
o4 - hklm\..\run: [oem02mon.exe] c:\windows\oem02mon.exe
o4 - hklm\..\run: [dell webcam manager] c:\program files\dell\dell webcam manager\dellwmgr.exe /s
o4 - hklm\..\run: [isusscheduler] c:\program files\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [roxwatchtray] c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
o4 - hklm\..\run: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
o4 - hklm\..\run: [pcmservice] c:\program files\dell\mediadirect\pcmservice.exe
o4 - hklm\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [snpstd] c:\windows\vsnpstd.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [logitechcommunicationsmanager] c:\program files\common files\logishrd\lcommgr\communications_helper.exe
o4 - hklm\..\run: [logitechquickcamribbon] c:\program files\labtec\webcam10\webcam10.exe /hide
o4 - hklm\..\run: [sigmatelsystrayapp] %programfiles%\sigmatel\c-major audio\wdm\sttray.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [avg9_tray] c:\progra~1\avg\avg9\avgtray.exe
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nvhotkey] rundll32.exe c:\windows\system32\nvhotkey.dll,start
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [dellsupportcenter] c:\program files\dell support center\bin\sprtcmd.exe /p dellsupportcenter
o4 - hkcu\..\run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files\microsoft office\office12\onenotem.exe
o4 - global startup: bttray.lnk = ?
o4 - global startup: digital line detect.lnk = c:\program files\digital line detect\dlg.exe
o4 - global startup: quickset.lnk = ?
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: send image to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
o8 - extra context menu item: send page to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: (no name) - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra 'tools' menuitem: &instellingen voor gears - {09c04da7-5b76-4ebc-bbee-b25eac5965f5} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra 'tools' menuitem: skype add-on for internet explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra 'tools' menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o16 - dpf: {1e54d648-b804-468d-bc78-4affed8e262e} (system requirements lab) - [noparse]http://www.srtest.com/srl_bin/sysreqlab_srl.cab[/noparse]
o16 - dpf: {3ea4fa88-e0be-419a-a732-9b79b87a6ed0} (ctvuaxctrl object) - [noparse]http://dl.tvunetworks.com/tvuax.cab[/noparse]
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - [noparse]http://gfx1.hotmail.com/mail/w3/resources/vistamsnpuplden-us.cab[/noparse]
o16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (divxbrowserplugin object) - [noparse]http://download.divx.com/player/divxbrowserplugin.cab[/noparse]
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - [noparse]http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - [noparse]http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab[/noparse]
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg9\avgpp.dll
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o20 - appinit_dlls: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll
o23 - service: andrea st filters service (aestfilters) - andrea electronics corporation - c:\windows\system32\aestsrv.exe
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: avg free e-mail scanner (avg9emc) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgemc.exe
o23 - service: avg free watchdog (avg9wd) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgwdsvc.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: intel(r) proset/wireless event log (evteng) - intel corporation - c:\program files\intel\wireless\bin\evteng.exe
o23 - service: flexnet licensing service - macrovision europe ltd. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: googledesktopmanager - google - c:\program files\google\google desktop search\googledesktop.exe
o23 - service: google update service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: lvsrvlauncher - labtec inc. - c:\program files\common files\logishrd\srvlnch\srvlnch.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvvsvc.exe
o23 - service: intel(r) proset/wireless registry service (regsrvc) - intel corporation - c:\program files\intel\wireless\bin\regsrvc.exe
o23 - service: roxmediadb9 - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe
o23 - service: roxio hard drive watcher 9 (roxwatch9) - sonic solutions - c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe
o23 - service: supportsoft sprocket service (dellsupportcenter) (sprtsvc_dellsupportcenter) - supportsoft, inc. - c:\program files\dell support center\bin\sprtsvc.exe
o23 - service: sigmatel audio service (stacsv) - idt, inc. - c:\windows\system32\stacsv.exe
o23 - service: steam client service - valve corporation - c:\program files\common files\steam\steamservice.exe
o23 - service: stllssvr - microvision development, inc. - c:\program files\common files\surething shared\stllssvr.exe
o23 - service: xaudioservice - conexant systems, inc. - c:\windows\system32\drivers\xaudio.exe
--
end of file - 12498 bytes

[/hjt]
 
Re: HJT trojans and pop-ups

That looks good, the HJT log is malware-free. Nice that you haven't had any more pop-ups or alerts from AVG either. (Y)
We'll mark the topic as solved, but should you still notice anything, don't hesitate to let us know.


If you wish, you can remove the tools you used, such as TFC and ComboFix.


If everything stays in order over the coming hours/days, you can also do these general steps:

* If you use the System Restore feature and it was therefore enabled during the infection, it is advisable to flush the old (including the infected) restore points and create a new restore point in the current clean state. This can be done by turning System Restore off briefly and then back on: more info (the example is from XP, but for Vista it is still roughly the same)
* Then restart the PC and, if desired, run a disk defragmentation: first close as many open sites and programs as possible (mail, games, photo editing software, ...) > Go to Start > All Programs > Accessories > System Tools > Disk Defragmenter > click the "Defragment" button and wait until it is finished. more info
* And here is some more info about malware and how to help prevent infections and reinfections: more info


Enjoy your malware-free and trouble-free PC from here on :)
 
I think it is indeed solved. Thanks for the help!
 
You're welcome, glad you're rid of the malware! :)

(We'll move the topic to the solved HJT logs, but should you still notice anything, don't hesitate to let us know.)
 